sudo: add optional pam support
Configure the sudo utility to support PAM if the framework is enabled. [Peter: use install -D, reword commit message] Signed-off-by: James Knight <james.knight@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
8d10204ba5
commit
eeacb333a3
@ -16,9 +16,20 @@ SUDO_CONF_OPTS = \
|
|||||||
--without-umask \
|
--without-umask \
|
||||||
--with-logging=syslog \
|
--with-logging=syslog \
|
||||||
--without-interfaces \
|
--without-interfaces \
|
||||||
--without-pam \
|
|
||||||
--with-env-editor
|
--with-env-editor
|
||||||
|
|
||||||
|
ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
|
||||||
|
define SUDO_INSTALL_PAM_CONF
|
||||||
|
$(INSTALL) -D -m 0644 package/sudo/sudo.pam $(TARGET_DIR)/etc/pam.d/sudo
|
||||||
|
endef
|
||||||
|
|
||||||
|
SUDO_DEPENDENCIES += linux-pam
|
||||||
|
SUDO_CONF_OPTS += --with-pam
|
||||||
|
SUDO_POST_INSTALL_TARGET_HOOKS += SUDO_INSTALL_PAM_CONF
|
||||||
|
else
|
||||||
|
SUDO_CONF_OPTS += --without-pam
|
||||||
|
endif
|
||||||
|
|
||||||
# mksigname/mksiglist needs to run on build host to generate source files
|
# mksigname/mksiglist needs to run on build host to generate source files
|
||||||
define SUDO_BUILD_MKSIGNAME_MKSIGLIST_HOST
|
define SUDO_BUILD_MKSIGNAME_MKSIGLIST_HOST
|
||||||
$(MAKE) $(HOST_CONFIGURE_OPTS) \
|
$(MAKE) $(HOST_CONFIGURE_OPTS) \
|
||||||
|
12
package/sudo/sudo.pam
Normal file
12
package/sudo/sudo.pam
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
auth sufficient pam_rootok.so
|
||||||
|
auth required pam_wheel.so use_uid
|
||||||
|
auth required pam_env.so
|
||||||
|
auth required pam_unix.so nullok
|
||||||
|
|
||||||
|
account required pam_unix.so
|
||||||
|
|
||||||
|
password required pam_unix.so nullok
|
||||||
|
|
||||||
|
session required pam_limits.so
|
||||||
|
session required pam_env.so
|
||||||
|
session required pam_unix.so
|
Loading…
Reference in New Issue
Block a user